GDPR: What’s Next?

Bill Smith

“Google knows when I ate an açai bowl and when I inject insulin to counteract it.”

That was Robert deBrauwere, partner & co-chair at Pryor Cashman’s Digital Media Practice Group, talking about the personal data collected by his insulin pump, which has AI capabilities.

He was making a point about the potential ramifications of data collection, concerns over which helped spawn the General Data Protection Regulation (GDPR) enacted in Europe in May 2018 to address consumer unease regarding how companies share and manipulate the increasing amount of data they collect. As deBrauwere illustrated, our society is increasingly connected to devices that monitor, upload, track and analyze personal data.

“Quality over quantity.”

deBrauwere made his comment at a recent breakfast seminar for communicators, marketers and general counsels hosted by Makovsky. The goal of the seminar was to decode the 100-page GDPR legislation, and featured a panel discussion including deBrauwere, Catherine Keenan, vice president for Public Affairs, Sustainability and Environment Health and Safety at Trinseo, and Hannah Crowther, a senior associate on the data protection team at Bristows LLP in London.

Makovsky’s Matt Higgins, senior vice president for Digital & Innovation, kicked off the discussion by noting the increased emphasis on “quality over quantity” when it comes to consumer data and posed the question “how do we maintain a personalized experience for our end customer while preserving brand trust?”

The 90-minute discussion focused on three core themes, including whether the U.S. would be next to install data privacy laws, the likelihood of individual states adopting data privacy legislation–along with a conversation regarding the California Consumer Privacy Act of 2018, which is set to dramatically change how businesses handle data in the most populous state–and each panelists’ professional experience in both addressing and communicating the impact of GDPR.

“There’s a lot here that’s bonkers.”

Crowther, who has experience navigating European data regulations such as e-Privacy and the Data Protection Act 2018, noted that GDPR was “principles-based” and took four years to develop. One large issue with the current regulatory framework is that many companies don’t even know what data they are housing that might be illegal. In regard to red tape that the framework has created, Crowther noted that “there’s a lot here that’s bonkers.”

Even though companies can be penalized either $20 million or 4% of their global turnover (sales) in fines for non-compliance, Crowther offered that “there’s no company in the world that’s 100% compliant, unless perhaps you’re a cash-only bake sale.”

Keenan captured the attention of the room’s social media experts when she noted that GDPR states that companies are not allowed to post employees photos on social media without getting explicit approval from the individual. (I was particularly intrigued given the many photos taken at Makovsky’s 2014 karaoke outing where I definitely did not dance to NSYNC’s “Tearin’ Up My Heart.”)

Keenan also explained that Trinseo is currently navigating data privacy rules and preferences across several continents and countries, including Germany (where there is a historic cultural affinity for strict data privacy), as well as the United States (less so), and China, which according to Keenan “is our next big concern” based on government limitations in regard to digital communications.

GDPR presents a new marketing opportunity

Despite the new regulations and resulting administrative efforts, the panelists agreed that GDPR also presented marketing opportunities. Keenan noted that the audit her team conducted prompted widespread consolidation and streamlining of the firm’s marketing contacts which helped organize the firm’s operations.

Crowther also put a positive spin on the changes implemented by GDPR, noting that if there were someone on the email distribution list who received an email newsletter every day for three years and never opened a single email, perhaps they were not interested in the company emails and would not suffer if they were removed from the distribution list.

Higgins closed out the conversation by noting that increased data privacy regulations such as GDPR give companies the opportunity to earn an opt-in through conversation and genuine engagement. Which will certainly go a long way towards earning trust.

For more highlights from our GDPR seminar, search for the hashtag #GDPRnext on Twitter–and don’t forget to follow us!